From 0b6f4b328bc6ceea3d4dc65763b2729254aaad4a Mon Sep 17 00:00:00 2001
From: Stuart Olivera <stuart@stuartolivera.com>
Date: Tue, 10 Jun 2014 00:27:26 -0400
Subject: [PATCH] Added username length limit according to db type

MySQL: Limit 14 characters
PostgreSQL: Limit 61 characters

Limits allow for at least 1 character to be used for database usernames & passwords
---
 web/add/user/index.php            | 14 ++++++++++++++
 web/templates/admin/add_user.html | 15 +++++++++++----
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/web/add/user/index.php b/web/add/user/index.php
index 59e9181ea..5881d24fb 100644
--- a/web/add/user/index.php
+++ b/web/add/user/index.php
@@ -53,6 +53,20 @@ if ($_SESSION['user'] == 'admin') {
             $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
         }
 
+        // Check username length
+        if (empty($_SESSION['error_msg'])) {
+            $username_len = strlen($_POST['v_username']);
+            exec (VESTA_CMD."v-list-database-types", $output, $return_var);
+            check_error($return_var);
+            if (strpos($output, "mysql") !== false)
+                $username_maxlen = 16 - 2;
+            elseif (strpos($output, "postgresql") !== false)
+                $username_maxlen = 63 - 2;
+            else
+                $username_maxlen = true; // Allow any length by default
+            if ($username_len > $username_maxlen ) $_SESSION['error_msg'] = __('Username is too long.',$error_msg);
+        }
+
         // Check password length
         if (empty($_SESSION['error_msg'])) {
             $pw_len = strlen($_POST['v_password']);
diff --git a/web/templates/admin/add_user.html b/web/templates/admin/add_user.html
index b645e7ac9..3a400b5a9 100644
--- a/web/templates/admin/add_user.html
+++ b/web/templates/admin/add_user.html
@@ -5,7 +5,7 @@
                 } else {
                     $back = "location.href='".$back."'";
                 }
-            ?> 
+            ?>
             <table class="submenu">
                 <tr>
                     <td style="padding: 20px 10px;" ><a class="name"><b><?php print __('Adding User');?></b></a>
@@ -17,7 +17,7 @@
                                     echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";
                                 }
                             }
-                        ?> 
+                        ?>
                     </td>
                 </tr>
             </table>
@@ -59,7 +59,14 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input" name="v_username" <?php if (!empty($v_username)) echo "value=".$v_username;  ?> >
+                                    <?php
+                                        exec (VESTA_CMD."v-list-database-types", $output);
+                                        if (strpos($output, "mysql") !== false)
+                                            $username_maxlength = 16 - 2;
+                                        elseif (strpos($output, "postgresql") !== false)
+                                            $username_maxlength = 63 - 2;
+                                    ?>
+                                    <input type="text" size="20" class="vst-input" name="v_username" maxlength="14" <?php if (!empty($username_maxlength)) echo "value=".$username_maxlength; if (!empty($v_username)) echo "value=".$v_username; ?> >
                                 </td>
                             </tr>
                             <tr>
@@ -102,7 +109,7 @@
                                                 }
                                                 echo ">".$key."</option>\n";
                                             }
-                                        ?> 
+                                        ?>
                                     </select>
                                 </td>
                             </tr>